SEC701 - Ethical Hacking

Outline info
Semester
School
Last revision date 2024-01-29 00:34:05.377
Last review date 2024-04-01 00:15:05.788


Subject Title
Ethical Hacking

Subject Description
This subject explores various tools and techniques used by various members of the security community (white hats, black hats and grey hats). Students will learn how the tools work and how to recognize the activity of those tools on the network as well as locally on a server or workstation. Major topics will include ethical hacking, footprinting, scanning, enumeration, system hacking, trojans and backdoors, sniffers, Denial of Service (e.g. DoS, DDoS), Session hijacking as well as "hacking web servers". Students will conduct attacks in a controlled environment using both Windows and Linux servers/desktops in this one-semester hands-on course.

Credit Status
1 credit in the CTY program.

Learning Outcomes
Upon successful completion of this subject the student will be able to:

  • Use a variety of tools to perform penetration tests
  • Describe the process of conducting a penetration test
  • Describe, configure and utilize various penetration testing tools
  • Discover existing security vulnerabilities in software and networks and recommend solutions

Essential Employability Skills

    •  Communicate clearly, concisely and correctly in the written, spoken and visual form that fulfils the purpose and meets the needs of the audience.

    •  Respond to written, spoken, or visual messages in a manner that ensures effective communication.

    •  Execute mathematical operations accurately.

    •  Apply a systematic approach to solve problems.

    •  Use a variety of thinking skills to anticipate and solve problems.

    •  Locate, select, organize, and document information using appropriate technology and information systems.

    •  Analyze, evaluate, and apply relevant information from a variety of sources.

    •  Interact with others in groups or teams in ways that contribute to effective working relationships and the achievement of goals.

    •  Manage the use of time and other resources to complete projects.

    •  Take responsibility for one's own actions, decisions, and consequences.

Academic Integrity
Seneca upholds a learning community that values academic integrity, honesty, fairness, trust, respect, responsibility and courage. These values enhance Seneca's commitment to deliver high-quality education and teaching excellence, while supporting a positive learning environment. Ensure that you are aware of Seneca's Academic Integrity Policy which can be found at: http://www.senecapolytechnic.ca/about/policies/academic-integrity-policy.html Review section 2 of the policy for details regarding approaches to supporting integrity. Section 2.3 and Appendix B of the policy describe various sanctions that can be applied, if there is suspected academic misconduct (e.g., contract cheating, cheating, falsification, impersonation or plagiarism).

Please visit the Academic Integrity website http://open2.senecac.on.ca/sites/academic-integrity/for-students to understand and learn more about how to prepare and submit work so that it supports academic integrity, and to avoid academic misconduct.

Discrimination/Harassment
All students and employees have the right to study and work in an environment that is free from discrimination and/or harassment. Language or activities that defeat this objective violate the College Policy on Discrimination/Harassment and shall not be tolerated. Information and assistance are available from the Student Conduct Office at student.conduct@senecapolytechnic.ca.

Accommodation for Students with Disabilities
The College will provide reasonable accommodation to students with disabilities in order to promote academic success. If you require accommodation, contact the Counselling and Accessibility Services Office at ext. 22900 to initiate the process for documenting, assessing and implementing your individual accommodation needs.

Camera Use and Recordings - Synchronous (Live) Classes
Synchronous (live) classes may be delivered in person, in a Flexible Learning space, or online through a Seneca web conferencing platform such as MS Teams or Zoom. Flexible Learning spaces are equipped with cameras, microphones, monitors and speakers that capture and stream instructor and student interactions, providing an in-person experience for students choosing to study online.

Students joining a live class online may be required to have a working camera in order to participate, or for certain activities (e.g. group work, assessments), and high-speed broadband access (e.g. Cable, DSL) is highly recommended. In the event students encounter circumstances that impact their ability to join the platform with their camera on, they should reach out to the professor to discuss. Live classes may be recorded and made available to students to support access to course content and promote student learning and success.

By attending live classes, students are consenting to the collection and use of their personal information for the purposes of administering the class and associated coursework. To learn more about Seneca's privacy practices, visit Privacy Notice.

Prerequisite(s)
INT420 and SEC520

Topic Outline

  • Ethics and law - 5%
    •     white, black and grey hats
    •     process of the attack
    •     penetration testing and computer forensic overview
  • Footprinting - 10%
    •     Google
    •     Network mapping
    •     Tools: ARIN, whois, dig, nslookup, traceroute, NeoTrace, Visual Route, SmartWhois, VisualLookout, VisualRoute Mail Tracker, eMailTrackerPro, SamSpade, geektools.com
  • Scanning - 15%
    •     tcp/udp/icmp/snmp and their place in network scanning
    •     wardialers and wardrivers
    •     passive and active fingerprinting
    •     tools: THC Scan, THC Login Hacker, pinger, hping, hping2, icmpenum, Genius, snort, Nmap, ipEye, IPSecScan, Superscan, Cheops, httptunnel, HTTPort
  • Enumeration - 10%
    •     CIFS/SMB
    •     scanning and enumeration
    •     SNMP for enumeration
    •     tools: NBTscan, DumpSec, NAT,SNMPutil, sid2user, user2sid, enum, Userinfo, GetAcct, ldp.exe
  • System Hacking - 15%
    •     password breaches - brute force versus dictionary
    •     sniffers: active and passive
    •     NTFS Alternate Data Streaming (ADS)
    •     Word/Excel documents
    •     tools:
      •         legion, NTInfoScan (aka Cerberus Internet Scanner), VisualLast, ettercap, ethereal, tcpdump, windump, L0phtCrack (aka LC5), KerbCrack, GetAdmin, hk.exe, NTFSDos, samdump.exe,SMBCapture, SMBRelay
      •         SMBRelay2, SMBGrind, SMBDie, NBTDeputy, John the Ripper, Spector (spyware), eBlaster, IKS Software Keylogger, AFX Rootkit 2005, auditpol.exe, Dump Event Log, eslave.exe, WinZapper
      •         Evidence Eliminator, makestrm.exe, streams, LADS, Hidden Field Detector, Stegonosaurus, Steganos, Snow, OutGuess, SecurEngine, ImageHide, Camera/Shy
      •         Stegdetect, dskprobe.exe, EtherFlood, dsniff, Macof, MailSnarf, URLSnarf, WebSpy, SMAC, Mac Changer, NetIntercept, WinDNSSpoof
  • Trojans/Backdoors/Viruses/Worms - 15%
    •     trojans and backdoors
    •     ICMP Tunnelling & covert channels
    •     viruses and worms through the use of manual registry checking and sniffers
    •     tools:
      •         QAZ, Tini, Netcat, Donald Dick, SubSeven, BO2K, NetBus, Graffiti.exe, EliteWrap, IconPlus, Restorator, WordPad, Whack-A-Mole, BOSniffer,FireKiller 2000, Loki, Reverse WWW Shell, fPort, TCPView
      •         ProcessExplorer, Inzider, SennaSpy, Hard Disk Killer, TripWire, Beast, various known viruses, Code Red I/II, Blaster
  • DoSes - 15%
    •     DoSes

Mode of Instruction
This course will be a discussion group and hands-on lab course. Students are expect to participate in all labs (labs will be both periods) and hand in weekly reports on the labs.

Prescribed Texts

  • Computer Security and Penetration Testing by Basta & Halton; ISBN 1-4180-4826-6 published by Delmar Learning
  • Metasploit: The penetration tester's guide by Kennedy, O'Gorman, Kearns and Aharoni; ISBN 978-1-59327-288-3 published by No Starch Press

Reference Material
None

Required Supplies

  •     Tools CD (purchase from instructor at cost of CD)
  •     Students must bring a hard drive to be used SOLELY for this class

Student Progression and Promotion Policy
To obtain a credit in this subject, a student must:

  •     Achieve a grade of 55% or better on the final exam
  •     Achieve a weighted average of 55% or better for the tests and final exam
  •     Achieve a grade of 55% or better on the overall course
  •     Complete ALL assignments

http://www.senecapolytechnic.ca/about/policies/student-progression-and-promotion-policy.html

Grading Policyhttp://www.senecapolytechnic.ca/about/policies/grading-policy.html

A+90%  to  100%
A80%  to  89%
B+75%  to  79%
B70%  to  74%
C+65%  to  69%
C60%  to  64%
D+55%  to  59%
D50%  to  54%
F0%    to  49% (Not a Pass)
OR
EXCExcellent
SATSatisfactory
UNSATUnsatisfactory

For further information, see a copy of the Academic Policy, available online (http://www.senecapolytechnic.ca/about/policies/academics-and-student-services.html) or at Seneca's Registrar's Offices. (https://www.senecapolytechnic.ca/registrar.html).


Modes of Evaluation

Assignment(s) 20%
Tests Written 20%
Practical Lab Test 20%
Labs 10%
Final Exam 30%

Approved by: Mary-Lynn Manton